Spy bug compromises Apple’s security

Tomas Foltyn, security writer at ESET, discusses the latest security debacle at Apple after a spy bug was discovered in Apple’s video and audio call app FaceTime that can be easily exploited to spy on people.

Apple is promising to issue a software update later this week to fix a strange and serious bug in Apple’s video and audio call app FaceTime that can be easily exploited to spy on people, according to a 9to5Mac report.

This is after another report on the site revealed late yesterday that the glitch allows any iPhone user to video-call another iPhone user via FaceTime and listen in on the audio on the other end – before the recipient has accepted or rejected the incoming call.

How does it work? In short, the caller would initiate a FaceTime video call and immediately afterwards launch the app’s group calling feature by tapping on ‘Add person’ and adding their own phone number. That’s all it takes to trick FaceTime into believing that the recipient has just answered the ‘conference call’, enabling the caller to hear the audio on the other end – unbeknownst to the victim.

Meanwhile on the screen of the victim’s device, it would appear as if the phone were still ringing with the FaceTime request.

What is more, while it was at first believed that ‘only’ the audio can be exposed, BuzzFeed News later wrote that the bug can apparently also activate the front-facing video camera of the recipient’s handset. If the recipient dismisses or silences the incoming FaceTime conference call by pressing the power button or one of the volume controls, their handset will begin to send live video, too. Again, this happens with zero awareness on the victim’s part.

The ‘exploit’, so simple as to be bizarre, is also ‘deployed’ when making a FaceTime call from an iPhone to a Mac computer. According to CNN, the bug affects iPhones and iPads running iOS 12.1, which introduced Group FaceTime, as well as computers running macOS Mojave.

The issue has attracted the attention of Governor of New York Andrew M. Cuomo, who called the bug “an egregious breach of privacy”.

The Verge reports that Apple’s disabling of Group FaceTime has largely fixed things while the software update is in the works. If that doesn’t ease your concerns, however, you may want to deactivate the app until Apple delivers the update.